Wireguard is a (relatively) new VPN connection protocol that has been developed to be faster, simpler, and easier to implement than older VPN protocols such as OpenVPN and IPsec. It was initially developed for Linux but has been adapted for all major platforms and remains an open-source project. Here’s what you need to know.
Key Takeaways | Wireguard Protocol
- Wireguard is among the latest VPN protocols with contemporary encryption methods that surpass the speed, simplicity, and security of older protocols like OpenVPN.
- Wireguard has only 4,000 lines of code compared to 600,000 for OpenVPN. This makes it faster and easier to implement.
- Advantages of Wireguard include quick setup, fast connections (1-2 secs), modern cryptography, open source code, stable connections, and up to 4 times faster speeds.
- The only drawbacks are that it requires logging and doesn’t offer dynamic IP addresses.
To be clear: We’re not talking about a specific virtual private network or VPN service.
Wireguard is a VPN connection protocol.
Wireguard is a connection protocol, not a VPN service.
A protocol is basically a language of communication between two devices over a network. That could be a local network, the open internet, or, in this case…
…a virtual private network.
Pre-existing VPN encryption protocols were developed decades ago. Although they still function well, they rely on older encryption methods and are bloated with a lot of code (more on this later).
In this “What is Wireguard” article, we’re going to cover:
- What is Wireguard (simple explanation)
- How Wireguard works (and why it’s better)
- Pros vs Cons of Using the Wireguard protocol
- How to Use Wireguard
- Mullvad VPN (Open source)
- NordVPN or ProtonVPN (Commercial)
This is not meant to be a deeply technical explanation. Instead, my hope is that you can get a basic understanding of how it works and why it’s worth using.
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed. I only recommend what I personally have used, and I appreciate your support!
Simple Explanation of the WireGuard Protocol
What is WireGuard?
Wireguard is a set of rules that govern how an encryption connection is made. It is not a VPN. Your VPN provider may offer Wireguard as a connection option, but for the average person, it is not something you download and use by itself.
Wireguard was initially developed back in 2016 as an alternative connection protocol for the Linux kernel.
What we’re dealing with here is a way to encrypt communication between two devices, which could be your computer and your corporate network, a server and a machine, your phone and the cellular network…whatever.
This is important when passing sensitive information across the open internet. There are already a lot of encryption measures in place, but a virtual private network, or “VPN”, adds an additional layer of security.
How Wireguard Works
When looking at the Wireguard protocol, specifically when you’re trying to do a comparison against another protocol like OpenVPN, it’s helpful to see it as lines of code.
- OpenVPN, the security standard for VPN protocols, has 600,000 lines of code.
- IPsec, another industry-standard protocol, comes with 400,000 lines of code.
- Wireguard only has 4,000 lines of code.
That’s not a typo. Wireguard has simplified the VPN protocol by dropping more than 99% of code that wasn’t absolutely necessary.
What you end up with is a much leaner communication language that makes connecting easier and faster.
How exactly does work? For a more technical explanation of how the protocol encrypts and decrypts packets, I recommend you read this from Thomas Krenn. They use the following graphic to explain the protocol connection between clients and servers:
Do you get it now?
Yeah, I didn’t think so.
To avoid using unnecessary jargon, Wireguard works by simplifying the process of connecting to another VPN using a state-of-the-art encrypted tunnel.
For you, the VPN user, this means:
- It takes less time to connect to a VPN server;
- The connections to the VPN servers are more stable;
- The connections are up to 4x faster.
Pretty cool, right?
Well, let’s take a look at some of the pros and cons of using Wireguard.
Pros & Cons of Wireguard VPN Protocol
What makes Wireguard so special when we have perfectly good, other VPN protocols we can use already?
Currently, you can create secure connections using the OpenVPN protocol, IPsec (Internet Protocol Security), UDP (User Datagram Protocol), PPTP (Point-to-Point Tunneling Protocol), and many other VPN protocols
It might be easier to understand if we break out the pros and cons of the Wireguard VPN protocol.
Advantages of the New Protocol
There are plenty of good reasons to start using this new protocol. These include:
- Quick Setup: Because Wireguard is based on a simple framework compared to OpenVPN and IPsec, it’s much quicker and easier to set up (although for the average person, your commercial VPN does all the setup, so this doesn’t apply). The instructions, like the lines of code, are significantly less.
- Quick Connections: In most cases, it takes about 5-10 seconds for most of my regular VPNs to connect. Wireguard is usually between 1-2 seconds, and often it feels like an almost instantaneous connection!
- Modern Cyprography Techniques: Because Wireguard was developed over the past few years, it has the advantage of incorporating state-of-the-art cryptography. This enables the creation of encrypted tunnels between two devices using symmetric encryption. These innovative techniques, such as cryptokey routing, mean that Wireguard is considered by some to be the most secure protocol available.
- Open Source: Wireguard is an open-source project, which means that anybody can look through and audit the code. The code has been peer-reviewed over the past few years, edited, and given the stamp of approval by multiple security experts.
- Stable Connection: Unlike current standards, Wireguard establishes incredibly stable connections. This means that you can jump between your wireless network and your Wi-Fi without dropping the VPN connection like most of the other protocols.
- Extremely Fast: Most tests, not just the ones conducted by the Wireguard team, have seen performance improvements by up to 4x the speed of regular VPNs. This means that you can connect to a Wireguard VPN server four times faster and your connection speeds are up to four times faster. If you’ve used a VPN for any period of time, you know how important these increased speeds are!
You see, the old connection protocols were designed decades ago and have been slowed by all the over-engineering that has taken place to make them meet different needs.
A new protocol has been much needed and it’s interesting that we’re not only getting Wireguard in 2021, but also the similar Lightway protocol by ExpressVPN
For you, the user, the only thing that really matters is that the VPN protocol connects quickly, stays connected, and gives you fast connection speeds.
There are some disadvantages to Wireguard, however, that we need to address.
Disadvantages of the New Protocol
Wireguard has surged in popularity because of all the advantages that it provides.
However, there are two very interesting disadvantages that you don’t hear about often.
- Requires Logging: Because of how Wireguard establishes the connection, the Wireguard protocol cannot be used without logging. Most VPN providers claim that they are a zero-log VPN, but they’re lying. Wireguard is incredibly secure and offers a lot of privacy, but it still leaves a trail behind.
- No Dynamic IP assignment: If you were hoping for dynamic IP addresses that will provide a small bit more privacy, you won’t be able to get it with Wireguard. The protocol is designed such that each client has a fixed IP address.
How to Use Wireguard
As I stated earlier, Wireguard was initially developed for the Linux operating system but has since been made to work with other major platforms like Windows, Mac, Android, and iOS.
But unless you’re incredibly tech-savvy and willing to dedicate a computer in your home to be your own server, you’re probably going to be looking for an acceptable commercial VPN service.
So which VPNs use it?
Eventually, all of them will. For now, I’m keeping an updated list of VPNs that use WireGuard. Here are the ones that I recommend.
Mullvad VPN: First Mover Award
Mullvad VPN was one of the first VPNs to support Wireguard as a protocol option. At this point, it’s actually the default protocol.
Other VPNs, such as the newer Mozilla VPN, rely on the Mullvad server network and exclusively use the protocol as well.
Mullvad is an open-source project that requires a bit of technical know-how to set up and they’re not the cheapest option, but it’s great for privacy-focused individuals.
Mullvad offers a flat rate of €5/mo with a 30-day money back guarantee.
NordVPN or ProtonVPN (Personal VPNs)
For a more consumer-friendly option, I recommend either NordVPN with NordLynx or ProtonVPN. Both VPN services are extremely easy to download and install on any device you want to use and support Windows, iOS, MacOS, and Android.
- New NordLynx protocol uses Wireguard
- Unblocks Netflix, Hulu, Disney+ & BBC;
- Numerous smart device apps to use;
- 30 Day Money back guarantee;
- New Wireguard protocol;
- Trustworth & transparent company;
- Excellent dedicated apps for private email, calendar, cloud storage and password management.
- 30 Day Money back guarantee;
There are pros and cons to each of these commercial VPNs, of course, so you might also be interested to read through my NordVPN review or the review of ProtonVPN before making your choice.
Final Thoughts on Wireguard VPN
If you’ve been using VPNs for a while, switching to Wireguard is going to make your life so much easier. You’ll notice an immediate improvement in the connection and, as has been the case for me, connection speeds.
What is Wireguard?
It’s reinventing the VPN connection protocol to bring it up with the times, making it faster to use, easier to implement, and lean.
Feel free to try to implement Wireguard on your own server setup, or you can use a service like Mullvad, NordVPN, or ProtonVPN.
